A US woman is suing the University of Cincinnati (UC) Medical Center, alleging that their employees posted her private medical records onto Facebook.

That's after a screenshot of the private medical record of the unnamed woman, including her personal information and her positive diagnosis for syphilis, was posted to a Facebook group called "Team No Hoes".

That is the most private of private medical information that was posted on Facebook and went out to a group on Facebook that had a huge dissemination.

Commenters on the Facebook post called the woman a "slut" and a "hoe" and told other page visitors that she had a sexually transmitted disease (STD).

Allen described the consequences to his client:

She doesn't want to go out. She doesn't want to talk to people. People who were formerly her friends have made fun of her for it. She's chastised in the community and all of this could've been avoided if UC Med Center had proper protections in place.

The woman is now suing the hospital for more than $25,000 in damages.

In the lawsuit, filed on Tuesday, the woman is suing UC Medical Center, an employee named Ryan Rawls, another unnamed UC employee who's believed to be a nurse, and the woman's ex-boyfriend, Raphael Bradley, WLWT News 5 reports.

Allen told WLWT that Bradley convinced the UC employees to release the medical records, thereby violating state and federal laws.

I reached out to Facebook to ask if it had removed the post with the woman's medical record.

I couldn't track down the specific image (most of these groups are closed/secret), so Facebook couldn't tell me if it has actually taken the post down, but it did refer us to its community standards which state:

Facebook does not tolerate bullying or harassment. We allow users to speak freely on matters and people of public interest, but take action on all reports of abusive behavior directed at private individuals.

In the lawsuit, Allen is asking UC Medical Center to look at its procedures to ensure that something like this doesn't happen again.

Somebody or somebodies obviously didn't take HIPAA too seriously.

HIPAA, or the US's Health Insurance Portability and Accountability Act, covers privacy with regards to information handled by medical professionals.

A screenshot is such a minor thing. It takes a fraction of a second to capture, and it's so easy to post to Facebook.

Unfortunately, just as it's easy to take and post a screenshot, it's also easy for a medical worker to break their Hippocratic oath to do no harm:

I will prescribe regimens for the good of my patients according to my ability and my judgment and never do harm to anyone.

This is just one more reminder that when we rely on institutions' promises to keep our data safe, it's just that - a promise.

The woman is now suing the hospital for more than $25,000 in damages. ...
She should sue for $25 million, because the damage is immense and could last for the rest of her life. A severe penalty could deter these attacks on privacy committed by the medical system (hospital, staff, etc)

She's only suing for $25K?
Her lawyer must not think much of himself...or her.

This type of behavior is unconscionable. It should be punished by the strongest measures available. If it's not, it sets a precedent that user or patient data is fodder for anyone to use for their own purposes with no consequences. (That's assuming anyone really cares about privacy beyond all the political yapping that goes on.)

i agree jonathan! And as for the "illusion of privacy" we get from the govt, that's bad enough! But to have private citizens posting our medical records is really going beyond! And the fact that he "made" her give him the records?? that just doesn't wash. something funky going on there. How would he even have know this woman's diagnosis unless the girlfriend told him in the first place, and did he know this woman or was it just a random "let me know her info so i can post it on this "cool" page i got going, kinda thing?

Oops, this story was too new this weekend. The full story is even seedier than that. I guess the ex-boyfriend knew someone (the mother of his child) at the healthcare facility. Ugh. It's a Jerry Springer situation.

About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.